Australian Bill to Force Tech Firms to Hand Over Encrypted Data, Passes First Hurdle

Australian Bill to Force Tech Firms to Hand Over Encrypted Data, Passes First Hurdle
A 3D printed Apple logo is seen in front of a displayed cyber code in this illustration taken Mar. 22, 2016. Dado Ruvic/Illustration/Reuters
Reuters
Updated:
SYDNEYThe Australian parliament’s lower house passed a bill to force tech firms such as Alphabet Inc’s Google, Facebook and Apple to give police access to encrypted data on Dec. 6, pushing it closer to becoming a precedent-setting law.

However, the proposal, staunchly opposed by the tech giants because Australia is seen as a test case as other nations explore similar rules, faces a sterner test in the upper house Senate, where privacy and information security concerns are sticking points.

The bill provides for fines of up to $10 million for institutions and prison terms for individuals for failing to hand over data linked to suspected illegal activities.

Earlier in the week it appeared set to secure enough support from both major political parties, with some amendments, to secure passage. However, the main opposition Labor party said on Dec. 6 the bill could undermine data security and jeopardize future information sharing with U.S. authorities.

“A range of stakeholders have said there is a real risk that the new powers could make Australians less safe ... (by) weakening the encryption that protects national infrastructure,” Labor’s Mark Dreyfus told parliament.

The proposed laws could also scupper cooperation with U.S. authorities because they lack sufficient privacy safeguards, Dreyfus said. Labor voted the bill through the lower house but was still negotiating with the government on the issue and would debate it in the Senate, he said.

Dec. 6 was the last parliamentary sitting day of the year until a truncated session in February, meaning the impasse could delay the laws for months.

The government has said the proposed laws are needed to counter militant attacks and organized crime and that security agencies would need to seek warrants to access personal data.

“I will fight to get those encryption laws passed,” Prime Minister Scott Morrison told reporters in Canberra after Dreyfus spoke. “I want to see our police have the powers they need to stop terrorists.”

Technology companies have strongly opposed efforts to create what they see as a back door to users’ data, a stand-off that was propelled into the public arena by Apple’s refusal to unlock an iPhone used by an attacker in a 2015 shooting in California.

Representatives of Google, Amazon and Apple did not respond immediately to a request for comment.

Apple has said in a public submission to lawmakers access to encrypted data would necessitate weakening the encryption and increase the risk of hacking.

A Facebook spokesman directed Reuters to a statement made by the Digital Industry Group Inc (DIGI), of which Facebook as well as Apple, Google, Amazon and Twitter, are members.

“This legislation is out of step with surveillance and privacy legislation in Europe and other countries that have strong national security concerns,” the DIGI statement said.

“Several critical issues remain unaddressed in this legislation, most significantly the prospect of introducing systemic weaknesses that could put Australians’ data security at risk,” it said.

If the bill becomes law, Australia would be one of the first nations to impose broad access requirements on technology companies, although others, particularly so-called Five Eyes countries, are poised to follow.

The Five Eyes intelligence network, comprised of the United States, Canada, Britain, Australia and New Zealand, have each repeatedly warned national security was at risk because authorities were unable to monitor the communications of suspects.

(This story has been refiled to amend headline to reflect bill’s passage through lower house of parliament)

By Tom Westbrook and Karishma Luthria